CVE-2025-6993: 
WordPress vulnerability analysis and mitigation

The Ultimate WP Mail plugin for WordPress contains a privilege escalation vulnerability (CVE-2025-6993) discovered on July 16, 2025. The vulnerability affects versions 1.0.17 to 1.3.6 and is due to improper authorization in the getemaillog_details() AJAX handler. This vulnerability allows authenticated attackers with Contributor-level access or higher to access password reset links and potentially elevate their privileges to administrator level (NVD).

The vulnerability exists in the getemaillogdetails() AJAX handler which only checks for the 'editposts' capability without restricting access to administrators or validating ownership. The handler reads client-supplied post_id and retrieves corresponding email log post content, including password reset links, allowing authenticated users with Contributor privileges to harvest admin reset links (WordPress Plugin). The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

If exploited, this vulnerability allows authenticated attackers with Contributor-level access to view email logs containing password reset links. By accessing these links, attackers can reset an administrator's password and gain full administrative access to the WordPress site (NVD).

The vulnerability has been patched in version 1.3.7 of the Ultimate WP Mail plugin. The fix includes removing password reset links from email log content before displaying it to users (WordPress Changelog). Site administrators should update to version 1.3.7 or later immediately to protect against this vulnerability.